Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Using safe HTML, avoiding javascript, and {{{ mustache }}} templates #27

Closed
badlydrawnrob opened this issue Mar 10, 2018 · 0 comments
Closed

Using safe HTML, avoiding javascript, and {{{ mustache }}} templates #27

badlydrawnrob opened this issue Mar 10, 2018 · 0 comments
Labels
enhancement

Comments

@badlydrawnrob
Copy link
Owner

badlydrawnrob commented Mar 10, 2018
edited
Loading

TL;DR

Stick to plain HTML and Markdown
You can find code we're using for Anki desktop app in themes/cards/ folder.

  1. Take care when you're adding code to Anki fields!
  2. I'd advise you to stick to plain Markdown and HTML in the Anki App, as javascript can break things.
  3. Also be careful when importing other people's decks (or using plugins), especially if they include javascript.
  4. The demo/ files are for preview purposes only.

Internal notes on Mustache.js

You can safely ignore this section if you're not wanting to create your own templates.
The themes/demo/ card is similar but not the same to themes/cards/. It's just for show.
Mustache escapes HTML by default to avoid malicious code. You can unescape it with {{{ triple brackets }}}

Mustache javascript library is the closest representation of the Anki app field templates that I can find. It's not exactly the same as the docs so beware of bugs.

We can generate live card previews that are compiled from the demo/ folder and the .json file populates the content.

  • {{{☆ Syntax}}} Triple brackets are used, to unescape json html in the live demo cards
  • Triple brackets will not work in the Anki app

Footnotes

  1. Mustache requires {{{ ... }}} triple brackets and escaped json to render our HTML data properly. This is not supported in Anki as it uses similar, but not the same, template language. The demo files are for preview and styling purposes only. If you want to edit these demo/ files, you can use an online tool to escape your json.

@badlydrawnrob badlydrawnrob changed the title Using mustache for live demo Using mustache for live demo (unescape JSON data) Mar 3, 2019
badlydrawnrob added a commit that referenced this issue Mar 3, 2019
@badlydrawnrob
Just use css (solves #5, #27, #31, #36, #37, #38)
45a34b0 
- delete stylus
- install less
- convert stylus to less/css
- convert $variables to var(--variables)
- delete twig hack
- use print-first.css file (until I convert to less)
- copy variables from print-first-css
- minor edit to --spacing- variables
@badlydrawnrob badlydrawnrob mentioned this issue Nov 26, 2023
Closed
@badlydrawnrob badlydrawnrob changed the title Using mustache for live demo (unescape JSON data) Using safe HTML, avoiding javascript, and {{{ mustache }}} templates Aug 16, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@badlydrawnrob